Race Condition in Linux Kernel Affecting Action Lifecycle Management
CVE-2026-53264

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-53264?

A race condition vulnerability exists in the Linux kernel that can arise when the NEWTFILTER and DELFILTER actions are executed concurrently. This flaw may lead to a use-after-free (UAF) scenario, resulting in system instability or potential exploitation. The issue was addressed by modifying the action lifecycle management to incorporate deferred freeing, ensuring actions are not immediately deallocated while still being referenced. This enhancement utilizes RCU (Read-Copy-Update) to protect the actions, preventing memory corruption and safeguarding system integrity.

Affected Version(s)

Linux d7fb60b9cafb982cb2e46a267646a8dfd4f2e5da < 98b2e40879abf0245be5a5b7af69e0f6ff524ac3

Linux d7fb60b9cafb982cb2e46a267646a8dfd4f2e5da < 18af5d2ef0c4f65787fd1280c8b23286b9f2a835

Linux d7fb60b9cafb982cb2e46a267646a8dfd4f2e5da < 1f1b98fea6b9ea30507d0f2fbff6750292d097e2

References

https://git.kernel.org/stable/c/98b2e40879abf0245be5a5b7a...

https://git.kernel.org/stable/c/18af5d2ef0c4f65787fd1280c...

https://git.kernel.org/stable/c/1f1b98fea6b9ea30507d0f2fb...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53264 Data

JSON